Every CVE whose affected-product data names Ibm Lotus Notes, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (71)
CVE-2004-0480 — CVSS 10.0 (critical): Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 allows remote attackers to execute arbitrary code via a notes: URI that…
CVE-2010-1608 — CVSS 10.0 (critical): Stack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and possibly other versions, allows remote attackers to execute arbitrary…
CVE-2006-0119 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 have unknown impact and attack vectors, due to…
CVE-2004-2281 — CVSS 10.0 (critical): Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 and 6.0.x before 6.0.5 have unknown impact and attack vectors…
CVE-2009-3032 — CVSS 10.0 (critical): Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the Autonomy KeyView Filter SDK, as used in IBM Lotus Notes 8.5, Symantec Mail…
CVE-2012-6349 — CVSS 9.3 (critical): Buffer overflow in the .mdb parser in Autonomy KeyView IDOL, as used in IBM Notes 8.5.x before 8.5.3 FP4, allows remote attackers to…
CVE-2012-4823 — CVSS 9.3 (critical): Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5…
CVE-2012-4822 — CVSS 9.3 (critical): Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and…
CVE-2012-4821 — CVSS 9.3 (critical): Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and…
CVE-2012-4820 — CVSS 9.3 (critical): Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5…
CVE-2012-2174 — CVSS 9.3 (critical): The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL.
CVE-2005-2618 — CVSS 9.3 (critical): Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allow…
CVE-2005-2619 — CVSS 9.3 (critical): Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and…
CVE-2011-1512 — CVSS 9.3 (critical): Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to…
CVE-2011-1218 — CVSS 9.3 (critical): Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute…
CVE-2011-1217 — CVSS 9.3 (critical): Buffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute…
CVE-2011-1216 — CVSS 9.3 (critical): Stack-based buffer overflow in assr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to…
CVE-2011-1215 — CVSS 9.3 (critical): Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to…
CVE-2011-1214 — CVSS 9.3 (critical): Stack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to…
CVE-2011-1213 — CVSS 9.3 (critical): Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute…
CVE-2011-0912 — CVSS 9.3 (critical): Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute…
CVE-2007-4222 — CVSS 9.3 (critical): Buffer overflow in the TagAttributeListCopy function in nnotes.dll in IBM Lotus Notes before 7.0.3 allows user-assisted remote attackers to…
CVE-2007-5399 — CVSS 9.3 (critical): Multiple heap-based buffer overflows in emlsr.dll in the EML reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus…
CVE-2007-5405 — CVSS 9.3 (critical): Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used…
CVE-2007-5406 — CVSS 9.3 (critical): kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec…
CVE-2008-0066 — CVSS 9.3 (critical): Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and…
CVE-2008-1101 — CVSS 9.3 (critical): Buffer overflow in kvdocve.dll in the KeyView document viewing engine in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes…
CVE-2008-1217 — CVSS 9.3 (critical): Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH, and 8.0.x before 8.0.1 allows remote…
CVE-2008-1718 — CVSS 9.3 (critical): Buffer overflow in mimesr.dll in Autonomy (formerly Verity) KeyView, as used in IBM Lotus Notes before 8.0, might allow user-assisted…
CVE-2008-4564 — CVSS 9.3 (critical): Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security…
CVE-2007-6020 — CVSS 9.3 (critical): Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat File speed reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as…
CVE-2009-3037 — CVSS 9.3 (critical): Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x…
CVE-2007-6706 — CVSS 9.3 (critical): Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH or 7.0.3, and possibly 8.0 allows…
CVE-2007-5909 — CVSS 9.3 (critical): Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by…
CVE-2007-5910 — CVSS 9.3 (critical): Stack-based buffer overflow in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF…
CVE-2007-6593 — CVSS 8.8 (high): Multiple stack-based buffer overflows in l123sr.dll in Autonomy (formerly Verity) KeyView SDK, as used by IBM Lotus Notes 5.x through 8.x…
CVE-2007-5544 — CVSS 7.8 (high): IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions…
CVE-2006-0121 — CVSS 7.8 (high): Multiple memory leaks in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (memory consumption…
CVE-2014-3086 — CVSS 7.5 (high): Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other…
CVE-2000-0891 — CVSS 7.5 (high): A default ECL in Lotus Notes before 5.02 allows remote attackers to execute arbitrary commands by attaching a malicious program in an email…
CVE-2000-1138 — CVSS 7.5 (high): Lotus Notes R5 client R5.0.5 and earlier does not properly warn users when an S/MIME email message has been modified, which could allow an…
CVE-2001-1504 — CVSS 7.5 (high): Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary commands via a Lotus Notes object with code in an event, which is…
CVE-2002-0370 — CVSS 7.5 (high): Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code…
CVE-2009-3114 — CVSS 7.5 (high): The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to…
CVE-1999-0429 — CVSS 7.5 (high): The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved…
CVE-2013-0536 — CVSS 7.2 (high): ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3 before FP5, and 9.0 before…
CVE-2013-0522 — CVSS 7.0 (high): The Notes Client Single Logon feature in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3, and 9.0 on Windows allows local users to…
CVE-2010-5251 — CVSS 6.9 (medium): Multiple untrusted search path vulnerabilities in IBM Lotus Notes 8.5 allow local users to gain privileges via a Trojan horse (1)…
CVE-2007-6594 — CVSS 6.9 (medium): IBM Lotus Notes 8 for Linux before 8.0.1 uses (1) unspecified weak permissions for the installation kit obtained through a Notes 8 download…
CVE-2013-2977 — CVSS 6.8 (medium): Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and 9.x before 9.0 Interim Fix 1 on Windows, and 8.5.x before 8.5.3 FP5…
CVE-2013-0127 — CVSS 5.8 (medium): IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows…
CVE-2005-2696 — CVSS 5.0 (medium): IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB), which allows remote attackers to…
CVE-2014-0892 — CVSS 5.0 (medium): IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 FP1 on 32-bit Linux platforms use incorrect gcc options, which makes…
CVE-2005-2175 — CVSS 5.0 (medium): The web interface for Lotus Notes mail automatically processes HTML in an attachment without prompting the user to save or open it, which…
CVE-2006-5835 — CVSS 5.0 (medium): The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require…
CVE-2006-3778 — CVSS 5.0 (medium): IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to e-mail messages with alternate name users when the (1) "Save As…
CVE-2006-0120 — CVSS 5.0 (medium): Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service…
CVE-2006-0118 — CVSS 5.0 (medium): Unspecified vulnerability in IBM Lotus Notes and Domino Server before 6.5.5, when running on AIX, allows attackers to cause a denial of…
CVE-2006-0117 — CVSS 5.0 (medium): Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 allows attackers to cause a denial of service (router crash or hang) via…
CVE-2004-2280 — CVSS 5.0 (medium): Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before 6.0.5 allows remote attackers to cause a denial of service (crash)…
CVE-2000-1117 — CVSS 5.0 (medium): The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to…
CVE-2005-1442 — CVSS 4.6 (medium): Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 and 6.0 before 6.0.5 allows local users to cause a denial of service…
CVE-2005-2454 — CVSS 4.6 (medium): IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the "Notes" folder and…
CVE-2008-0862 — CVSS 4.3 (medium): IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a user forwards an email message to another user, which allows…
CVE-2012-4846 — CVSS 4.3 (medium): IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes…
CVE-2007-1941 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in Domino Web Access (DWA) in IBM Lotus Notes before 6.5.6…
CVE-2013-0538 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 allows remote…
CVE-2006-1948 — CVSS 4.0 (medium): The "Add Sender to Address Book" operation (AddSenderToAddressBook.lss) and NameHelper.lss in IBM Lotus Notes 6.0 and 6.5 before 20060331…
CVE-2007-4309 — CVSS 3.5 (low): IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote authenticated administrators to obtain a cleartext notes.id password by…
CVE-2005-1405 — CVSS 2.1 (low): HTTP response splitting vulnerability in the @SetHTTPHeader function in Lotus Domino 6.5.x before 6.5.4 and 6.0.x before 6.0.5 allows…
CVE-2010-1487 — CVSS 2.1 (low): IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain…